A sweeping revision of the classic computer security text. This book provides end-to-end, detailed coverage of the state of the art in all aspects of computer security. Starting with a clear, in-depth review of cryptography, it also covers specific options for securing software and data against malicious code and intruders; the special challenges of securing networks and distributed systems; firewalls; ways to administer security on personal computers and UNIX systems; analyzing security risks and benefits; and the legal and ethical issues surrounding computer security.
目 錄
eword xix
Preface xxv
Chapter 1: Is There a Security Problem in Computing? 1
1.1 What Does ”Secure” Mean? 1
1.2 Attacks 5
1.3 The Meaning of Computer Security 9
1.4 Computer Criminals 21
1.5 Methods of Defense 23
1.6 What’s Next 30
1.7 Summary 32
1.8 Terms and Concepts 32
1.9 Where the Field Is Headed 33
1.10 To Learn More 34
1.11 Exercises 34
Chapter 2: Elementary Cryptography 37
2.1 Terminology and Background 38
2.2 Substitution Ciphers 44
2.3 Transpositions (Permutations) 55
2.4 Making ”Good” Encryption Algorithms 59
2.5 The Data Encryption Standard 68
2.6 The AES Encryption Algorithm 72
2.7 Public Key Encryption 75
2.8 The Uses of Encryption 79
2.9 Summary of Encryption 91
2.10 Terms and Concepts 92
2.11 Where the Field Is Headed 93
2.12 To Learn More 94
2.13 Exercises 94
Chapter 3 Program Security 98
3.1 Secure Programs 99
3.2 Nonmalicious Program Errors 103
3.3 Viruses and Other Malicious Code 111
3.4 Targeted Malicious Code 141
3.5 Controls Against Program Threats 160
3.6 Summary of Program Threats and Controls 181
3.7 Terms and Concepts 182
3.8 Where the Field Is Headed 183
3.9 To Learn More 185
3.10 Exercises 185
Chapter 4 Protection in General-Purpose Operating Systems 188
4.1 Protected Objects and Methods of Protection 189
4.2 Memory and Address Protection 193
4.3 Control of Access to General Objects 204
4.4 File Protection Mechanisms 215
4.5 User Authentication 219
4.6 Summary of Security for Users 236
4.7 Terms and Concepts 237
4.8 Where the Field Is Headed 238
4.9 To Learn More 239
4.10 Exercises 239
Chapter 5 Designing Trusted Operating Systems 242
5.1 What Is a Trusted System? 243
5.2 Security Policies 245
5.3 Models of Security 252
5.4 Trusted Operating System Design 264
5.5 Assurance in Trusted Operating Systems 287
5.6 Summary of Security in Operating Systems 312
5.7 Terms and Concepts 313
5.8 Where the Field Is Headed 315
5.9 To Learn More 315
5.10 Exercises 316
Chapter 6 Database and Data Mining Security 318
6.1 Introduction to Databases 319
6.2 Security Requirements 324
6.3 Reliability and Integrity 329
6.4 Sensitive Data 335
6.5 Inference 341
6.6 Multilevel Databases 351
6.7 Proposals for Multilevel Security 356
6.8 Data Mining 367
6.9 Summary of Database Security 371
6.10 Terms and Concepts 371
6.11 Where the Field Is Headed 372
6.12 To Learn More 373
6.13 Exercises 373
Chapter 7 Security in Networks 376
7.1 Network Concepts 377
7.2 Threats in Networks 396
7.3 Network Security Controls 440
7.4 Firewalls 474
7.5 Intrusion Detection Systems 484
7.6 Secure E-mail 490
7.7 Summary of Network Security 496
7.8 Terms and Concepts 498
7.9 Where the Field Is Headed 500
7.10 To Learn More 502
7.11 Exercises 502
Chapter 9 The Economics of Cybersecurity 571
9.1 Making a Business Case 572
9.2 Quantifying Security 578
9.3 Modeling Cybersecurity 589
9.5 Summary 599
9.6 Terms and Concepts 600
9.7 To Learn More 601
9.8 Exercises 601
Chapter 10 Privacy in Computing 603
10.1 Privacy Concepts 604
10.2 Privacy Principles and Policies 608
10.3 Authentication and Privacy 619
10.4 Data Mining 623
10.5 Privacy on the Web 626
10.6 E-mail Security 635
10.7 Impacts on Emerging Technologies 638
10.8 Summary 643
10.9 Terms and Concepts 643
10.10 Where the Field Is Headed 645
10.11 To Learn More 645
10.12 Exercises 646
Chapter 11 Legal and Ethical Issues in Computer Security 647
11.1 Protecting Programs and Data 649
11.2 Information and the Law 663
11.3 Rights of Employees and Employers 670
11.4 Redress for Software Failures 673
11.5 Computer Crime 679
11.6 Ethical Issues in Computer Security 692
11.7 Case Studies of Ethics 698
11.8 Terms and Concepts 714
11.9 To Learn More 714
11.10 Exercises 715
Chapter 12 Cryptography Explained 717
12.1 Mathematics for Cryptography 718
12.2 Symmetric Encryption 730
12.3 Public Key Encryption Systems 757
12.4 Quantum Cryptography 774
12.5 Summary of Encryption 778
12.6 Terms and Concepts 778
12.7 Where the Field Is Headed 779
12.8 To Learn More 779
12.9 Exercises 779
